Merge pull request #5729

7c894fc device_ledger: add paranoid buffer overflow check (moneromooo-monero) f07524b device_ledger: fix uninitialized additional_key (moneromooo-monero)
5 years ago · f68512e9e4
parent 8f6f674753 f07524b56b
commit f68512e9e4
2 changed files with 4 additions and 2 deletions
--- a/src/device/device_ledger.cpp
+++ b/src/device/device_ledger.cpp
@ -320,7 +320,9 @@ namespace hw {
    bool device_ledger::reset() {
      reset_buffer();
      int offset = set_command_header_noopt(INS_RESET);
-      memmove(this->buffer_send+offset, MONERO_VERSION, strlen(MONERO_VERSION));
+      const size_t verlen = strlen(MONERO_VERSION);
+      ASSERT_X(offset + verlen <= BUFFER_SEND_SIZE, "MONERO_VERSION is too long")
+      memmove(this->buffer_send+offset, MONERO_VERSION, verlen);
      offset += strlen(MONERO_VERSION);
      this->buffer_send[4] = offset-5;
      this->length_send = offset;
--- a/src/device/device_ledger.hpp
+++ b/src/device/device_ledger.hpp
@ -76,7 +76,7 @@ namespace hw {
        rct::key AKout;
        ABPkeys(const rct::key& A, const rct::key& B, const bool is_subaddr, bool is_subaddress, bool is_change_address, size_t index, const rct::key& P,const rct::key& AK);
        ABPkeys(const ABPkeys& keys) ;
-        ABPkeys() {index=0;is_subaddress=false;is_subaddress=false;is_change_address=false;}
+        ABPkeys() {index=0;is_subaddress=false;is_change_address=false;additional_key=false;}
        ABPkeys &operator=(const ABPkeys &keys);
    };